Re: [saag] Ubiquitous Encryption: spam filtering
"John R Levine" <johnl@taugh.com> Tue, 30 June 2015 20:04 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A08151B2CAB for <saag@ietfa.amsl.com>; Tue, 30 Jun 2015 13:04:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.137
X-Spam-Level:
X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNAGBLw6oiBu for <saag@ietfa.amsl.com>; Tue, 30 Jun 2015 13:04:28 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F5151B2CAD for <saag@ietf.org>; Tue, 30 Jun 2015 13:04:28 -0700 (PDT)
Received: (qmail 29124 invoked from network); 30 Jun 2015 20:04:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=71c2.5592f657.k1506; bh=EP+Wr0Y/CnIIwuVGTVWwdC4cXdn5El6nZrqjHrxFgJs=; b=F1WYU4suVeolDTtIlyo+krMoR3NrLtgYdjLk7YQ+bKr/1ylRKaf4y9YSNm6BmoRa8QjvKwRXVG1ynWSfMOq0/iGGMOX150O3Lx2brC9sYZ6opSaNOsid7todLkORLKLgUVLeP/WXTLAdm9x4ouB5lk08GNvlnPId6SrRsVqaOJNujxV807/kt6L6pxCd2kBHc3hPbGpE2D4fDWtdjqfwYOWDZgT42uRhPAeJHBdlfx7zBlTHClMU0nfPUIosXfSV
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=71c2.5592f657.k1506; bh=EP+Wr0Y/CnIIwuVGTVWwdC4cXdn5El6nZrqjHrxFgJs=; b=l0M/muL7TKg1pd7kOZQ1yqUjpguBt5DkFtgFvraiV/dmK/PvCsXWfBsust+CDUe2DsMAr7s4v8mW5ImZDzJ5wsu4zU/uFFyfPOqTz988kYjOlGetofidVYcJI5E9gDK0tH3J3PP4yBmVYeJJU/O4xvm+Rqeh3lVXP6jbIyB93lCUq/au0d9LFvrVZgU2nnUOFRbwaasxHMdCvIE3sq9vfLOj3aRS1reupI6Tejp2MyO+r2Ui8S+h8X9BH0bFHaQi
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 30 Jun 2015 20:04:38 -0000
Date: Tue, 30 Jun 2015 16:04:25 -0400
Message-ID: <alpine.OSX.2.11.1506301600130.78297@ary.lan>
From: John R Levine <johnl@taugh.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
In-Reply-To: <CAMm+Lwhcx-AGo_T1E4cjNoAP9n4xnGweGebq2z4cHRpWBNopTA@mail.gmail.com>
References: <20150623151902.89304.qmail@ary.lan> <CAMm+LwjG7=r1B5J2P9WNpEefs9kC+b9ZLM+Q71-KJ=3jb6Gq_Q@mail.gmail.com> <559236DF.7080203@bogus.com> <CAMm+Lwhcx-AGo_T1E4cjNoAP9n4xnGweGebq2z4cHRpWBNopTA@mail.gmail.com>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/OojNWbUTR8PKcJYeIR5tR6wfzNE>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: spam filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 20:04:29 -0000
> The first last and only reason phishing is possible is that we use > authentication credentials that we expect people to keep in their head, > never write down and only ever give them to people who are trustworthy. That's some of it, but I've seen malware that does MITM attacks to redirect transactions authenticated with uncompromised two-factor devices. If all of the pieces are used exactly correctly, you're pretty secure, but we know how likely that is in the long term. Like I said about spam, it's a hard problem. In spam, exempting people you know from spam filtering doesn't work. Partly that's because the introduction problem is as hard as the spam problem, partly that's because it'll just push spammers toward using compromised legit accounts, something they do a lot of already. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.
- [saag] Ubiquitous Encryption: spam filtering John Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Nico Williams
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering joel jaeggli
- Re: [saag] Ubiquitous Encryption: spam filtering Eliot Lear
- Re: [saag] Ubiquitous Encryption: spam filtering Dave Crocker
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: spam filtering John R Levine
- Re: [saag] Ubiquitous Encryption: spam filtering Phillip Hallam-Baker